(In)Compatibility Issues Between 1.4 and 1.5
Sean Elble
elbles at sessys.com
Wed May 9 23:24:09 EDT 2007

I may have gotten it, thanks to this thread that I found once I started
kpropd on the console, and saw some more useful information:
http://mailman.mit.edu/pipermail/krb5-bugs/2006-June/004749.html
Just in case that helps anyone else out . . . Now I finally have Kerberos
and OpenLDAP replication working (with SASL-GSSAPI for the LDAP part). Who
needs Active Directory? :-)

On 5/9/07 7:52 PM, "Sean Elble" <elbles at sessys.com> wrote:
> Hi all,
>
> This is my first time posting on the list, mainly because the documentation
> is terrific, and I really haven't had any problems with Kerberos - Until
> now, of course.
>
> My issue is in setting up a slave KDC here at my home "lab". My master (and
> only, to this point) KDC is running on a FC4 box, and is currently at
> whatever the last version of Kerberos is that was available on that version
> of Fedora (1.4.1). Yeah, I know I need to upgrade that box, but first thing
> is first, and I need to get another box doing Kerberos and OpenLDAP before
> this other box can be touched.
>
> So, I tried setting up this slave KDC on a fresh CentOS 5 box. I followed
> the instructions listed on the install page, but when it comes to run kprop
> on the master, I get this message:
>
> [root at intranet ~]# kprop -d -f /var/kerberos/krb5kdc/slave_datatrans athena.sessys.com
> 8976 bytes sent.
> kprop: Software caused connection abort while reading response from server
>
> And from the /var/log/messages log on athena.sessys.com:
>
> May 9 19:40:39 athena kpropd[22326]: Connection from intranet.sessys.com
> May 9 19:40:39 athena kpropd[22326]: /usr/kerberos/sbin/kpropd: /usr/kerberos/sbin/kdb5_util returned a bad exit status (1)
>
> It at least partially worked, as I get this for a ls in
> /var/kerberos/krb5kdc:
>
> [root at athena log]# ls -lah /var/kerberos/krb5kdc/
> total 44K
> drwxr-xr-x 2 root root 4.0K May 9 19:40 .
> drwxr-xr-x 3 root root 4.0K May 9 19:22 ..
> -rw------- 1 root root 8.8K May 9 19:40 from_master
> -rw-r--r-- 1 root root 807 May 9 19:24 kdc.conf
> -rw-r--r-- 1 root root 70 May 9 19:25 kpropd.acl
> -rw------- 1 root root 8.0K May 9 19:40 principal~
> -rw------- 1 root root 8.0K May 9 19:40 principal~.kadm5
> -rw------- 1 root root 0 May 9 19:40 principal~.kadm5.lock
> -rw------- 1 root root 0 May 9 19:40 principal~.ok
>
> Kpropd.acl should be configured correctly, as it has the host principals for
> both the master and slave on both the master and the slave. The principals
> are configured correctly, and their keytabs should be extracted correctly -
> After all, it is getting fairly far in the process.
>
> As best as I can figure, this is an issue/incompatibility between the
> different Kerberos versions, but if anyone wants to confirm or deny that, I
> would very much appreciate it (as I will otherwise try to install a matching
> version on the master KDC, after backing up my database, of course). Thanks,
> in advance.
--
+-------------------------------------------------+
| Sean Elble |
| Virginia Tech, Class of 2008 |
| Vice President, VTLUUG |
| E-Mail: elbles at sessys.com |
| Web: http://www.sessys.com/~elbles/ |
| Cell: 860.946.9477 |
+-------------------------------------------------+